authorLars Wendler <polynomial-c@gentoo.org>2017-06-03 13:48:46 +0200
committerLars Wendler <polynomial-c@gentoo.org>2017-06-03 13:48:46 +0200
commitfd4e6acf26c5766cfe17b4d1be223afcd0bab1e0 (patch)
tree0e19c7f5dd9baab9fa783be886266b4eb47cd8a8
parentapp-admin/sudo: Removed old. (diff)
app-arch/bzip2: Security revbump to fix CVE-2016-3189 (bug #620466).
Package-Manager: Portage-2.3.6, Repoman-2.3.2
-rw-r--r--app-arch/bzip2/bzip2-1.0.6-r8.ebuild114
-rw-r--r--app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch18
2 files changed, 132 insertions, 0 deletions
diff --git a/app-arch/bzip2/bzip2-1.0.6-r8.ebuild b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
new file mode 100644
index 000000000000..c5e3c31b4f8a
--- /dev/null
+++ b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
+# (since we're building shared libs) ...
+
+EAPI=5
+
+inherit eutils toolchain-funcs multilib multilib-minimal
+
+DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
+HOMEPAGE="http://www.bzip.org/"
+SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz"
+
+LICENSE="BZIP2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="static static-libs"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
+ "${FILESDIR}"/${PN}-1.0.6-saneso.patch
+ "${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
+ "${FILESDIR}"/${PN}-1.0.6-progress.patch
+ "${FILESDIR}"/${PN}-1.0.3-no-test.patch
+ "${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
+ "${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
+ "${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
+ "${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+
+ # - Use right man path
+ # - Generate symlinks instead of hardlinks
+ # - pass custom variables to control libdir
+ sed -i \
+ -e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
+ -e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
+ -e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
+ Makefile || die
+}
+
+bemake() {
+ emake \
+ VPATH="${S}" \
+ CC="$(tc-getCC)" \
+ AR="$(tc-getAR)" \
+ RANLIB="$(tc-getRANLIB)" \
+ "$@"
+}
+
+multilib_src_compile() {
+ bemake -f "${S}"/Makefile-libbz2_so all
+ # Make sure we link against the shared lib #504648
+ ln -sf libbz2.so.${PV} libbz2.so
+ bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
+}
+
+multilib_src_install() {
+ into /usr
+
+ # Install the shared lib manually. We install:
+ # .x.x.x - standard shared lib behavior
+ # .x.x - SONAME some distros use #338321
+ # .x - SONAME Gentoo uses
+ dolib.so libbz2.so.${PV}
+ local v
+ for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
+ dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
+ done
+ use static-libs && dolib.a libbz2.a
+
+ if multilib_is_native_abi ; then
+ gen_usr_ldscript -a bz2
+
+ dobin bzip2recover
+ into /
+ dobin bzip2
+ fi
+}
+
+multilib_src_install_all() {
+ # `make install` doesn't cope with out-of-tree builds, nor with
+ # installing just non-binaries, so handle things ourselves.
+ insinto /usr/include
+ doins bzlib.h
+ into /usr
+ dobin bz{diff,grep,more}
+ doman *.1
+
+ dosym bzdiff /usr/bin/bzcmp
+ dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
+
+ dosym bzmore /usr/bin/bzless
+ dosym bzmore.1 /usr/share/man/man1/bzless.1
+
+ local x
+ for x in bunzip2 bzcat bzip2recover ; do
+ dosym bzip2.1 /usr/share/man/man1/${x}.1
+ done
+ for x in bz{e,f}grep ; do
+ dosym bzgrep /usr/bin/${x}
+ dosym bzgrep.1 /usr/share/man/man1/${x}.1
+ done
+
+ dodoc README* CHANGES manual.pdf
+ dohtml manual.html
+
+ # move "important" bzip2 binaries to /bin and use the shared libbz2.so
+ dosym bzip2 /bin/bzcat
+ dosym bzip2 /bin/bunzip2
+}
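Review bot: The `ln -sf libbz2.so.${PV} libbz2.so` in multilib_src_compile has no `|| die`, so if the symlink cannot be created the build carries on and the following `bemake -f "${S}"/Makefile all` could link bzip2 and bzip2recover against the static libbz2.a instead of the shared library — the very situation the "#504648" comment says this line exists to prevent, and one that would leave the binaries out of reach of future libbz2.so security fixes. Change it to `ln -sf libbz2.so.${PV} libbz2.so || die`, matching the `|| die` already used on the sed in src_prepare. Separately, SRC_URI fetches the tarball over plain http, so integrity of the source presumably rests entirely on the Manifest digests kept outside this diff; a one-line comment saying so would help whoever next changes the mirror.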
diff --git a/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
new file mode 100644
index 000000000000..1d0c3a6dd34f
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
++++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;
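Review bot: The added `outFile = NULL;` after `bsClose ( bsWr );` is the right fix for the dangling FILE* (the failure-cleanup routine in bzip2recover.c, outside this hunk, presumably tests outFile before closing or unlinking it, which is what turned a later error into the CVE-2016-3189 use-after-free), but the patch header never states what the line protects; add a one-line description above `Index:`, e.g. `bzip2recover: clear outFile once bsClose() has closed it, so the failure-cleanup path does not fclose()/unlink() an already-closed stream (CVE-2016-3189).`, so a future rebase does not drop it as cosmetic. Note also that bsWr is left pointing at whatever bsClose() released; it is not dereferenced on the visible lines before the next block reopens it, but `bsWr = NULL;` next to the new line would close the same class of mistake — worth confirming against the rest of main(), which starts and ends outside the hunk.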